C#: Update Csv validation to allow sources and sink kinds to be prefixed with generated.

michaelnebel · michaelnebel · commit 2562910b9495 · 2022-04-05T14:25:34.000+02:00
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll
@@ -358,20 +358,23 @@ module CsvValidation {
       )
     )
     or
-    exists(string row, string kind | summaryModel(row) |
-      kind = row.splitAt(";", 8) and
-      not kind = ["taint", "value", "generated:taint", "generated:value"] and
+    exists(string row, string k, string kind | summaryModel(row) |
+      k = row.splitAt(";", 8) and
+      getKind(k, kind, _) and
+      not kind = ["taint", "value"] and
       msg = "Invalid kind \"" + kind + "\" in summary model."
     )
     or
-    exists(string row, string kind | sinkModel(row) |
-      kind = row.splitAt(";", 7) and
+    exists(string row, string k, string kind | sinkModel(row) |
+      k = row.splitAt(";", 7) and
+      getKind(k, kind, _) and
       not kind = ["code", "sql", "xss", "remote", "html"] and
       msg = "Invalid kind \"" + kind + "\" in sink model."
     )
     or
-    exists(string row, string kind | sourceModel(row) |
-      kind = row.splitAt(";", 7) and
+    exists(string row, string k, string kind | sourceModel(row) |
+      k = row.splitAt(";", 7) and
+      getKind(k, kind, _) and
       not kind = "local" and
       msg = "Invalid kind \"" + kind + "\" in source model."
     )
diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
@@ -606,9 +606,10 @@ module CsvValidation {
       )
     )
     or
-    exists(string row, string kind | summaryModel(row) |
-      kind = row.splitAt(";", 8) and
-      not kind = ["taint", "value", "generated:taint", "generated:value"] and
+    exists(string row, string k, string kind | summaryModel(row) |
+      k = row.splitAt(";", 8) and
+      getKind(k, kind, _) and
+      not kind = ["taint", "value"] and
       msg = "Invalid kind \"" + kind + "\" in summary model."
     )
   }

Original file line number	Diff line number	Diff line change
`@@ -606,9 +606,10 @@ module CsvValidation {`
`606`	`606`	`)`
`607`	`607`	`)`
`608`	`608`	`or`
`609`		`- exists(string row, string kind \| summaryModel(row) \|`
`610`		`- kind = row.splitAt(";", 8) and`
`611`		`- not kind = ["taint", "value", "generated:taint", "generated:value"] and`
	`609`	`+ exists(string row, string k, string kind \| summaryModel(row) \|`
	`610`	`+ k = row.splitAt(";", 8) and`
	`611`	`+ getKind(k, kind, _) and`
	`612`	`+ not kind = ["taint", "value"] and`
`612`	`613`	`msg = "Invalid kind \"" + kind + "\" in summary model."`
`613`	`614`	`)`
`614`	`615`	`}`